Foundation Level (Level 1) encompasses the basic safeguarding requirements for FCI specified in FAR Clause 52.204-21.
Level 2, referred to as the advanced level, focuses on the protection of CUI. Advanced Level (Level 2) encompasses the security requirements for CUI specified in NIST SP 800-171 per DFARS Clause 252.204-7012.
The DoD intends for Level 3 (“Expert”) cybersecurity requirements to be assessed by Government officials. Assessment requirements are currently under development.
What is the CMMC CAP?
The CMMC Assessment Plan (CAP) is organized across four (4) phases and describes the required activities to ensure that CMMC Assessments (for Level 2) are conducted consistently across the DIB. The four phases are:
A strong and effective CMMC Certification Assessment begins with a well-organized planning and preparation effort.
The purpose of Phase 2 is to assess the implementation of CMMC practices by the OSC in conformance with the CMMC Model.
In this phase, the Lead Assessor (with or without the Assessment Team Members) shall deliver the recommended Assessment results to the OSC during the Final Findings Briefing.
The purpose of this phase is to allow OSCs that received a Conditional CMMC Level 2 Certification during Phase 3 to close out all practices validated on Plans of Action and Milestones (POA&M) during the C3PAO Assessment.
We can help you identify the gap between your current security posture and your target CMMC Level.
Gain a comprehensive understanding of the CMMC maturity levels, domains, capabilities, processes, and practices. Understand the relationship between CMMC model, FAR clause 52.204-21, DFARS clause 252.204-7012, NIST SP 800-171, and other standards and frameworks. Gain the ability to interpret the requirements of the CMMC model in the specific context for an Organization Seeking Certification (OSC). Develop the necessary knowledge to support an organization in effectively planning, implementing, and attaining the required CMMC maturity level.
Provides us with the proper core cybersecurity skills, including advanced data cryptography and encryption, developing security policies, monitoring and diagnosing network traffic, risk management, identity access management, securing cloud deployments, and identifying threats, attacks, and vulnerabilities.
Provides us with thorough working knowledge of the U.S. HIPAA Law and Regulations. CFR 45 164.308, 164.310 & 164.312, the Administrative, Technical and Physical safeguards of electronic Private Health Information (ePHI). 20 years of identifying ePHI and providing Confidentiality-Integrity-Availability of those patient records.
Provides us the ability to demonstrate the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT), and traditional on-premises servers and endpoints. Target enumeration, OSINT data gathering and advanced social engineering tactics, techniques and procedures.
A security & compliance focused CISO with over 30 years of experience supporting Microsoft servers, clients, and network services. The last 20 years have been focused on continually identifying and safeguarding electronic Private Health Information (ePHI).
As a Security & Compliance Officer for several medical practices for the past 10 years, he has never allowed a breach of ANY patient records or company data in part due to strict adherence to NIST Guidelines and establishing a layered defense against malicious attacks.
Preparing OSCs for CMMC Certification by understanding their position within the three levels of cybersecurity maturity and identifying Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) data in their organization.
Being a Network Administrator for 30 years has afforded me the opportunity to participate in the birth of the Cybersecurity industry and in the maturation process to help secure our nation's digital assets.
I’m Marc Murphy, CEO and CCP for CMMC-Consultants.
I have 30 years of experience in the IT industry. My firm advises and remediates CMMC compliance gaps for small to mid-sized DIB companies.
For the past 20 years I have been identifying and securing ePHI in the Healthcare IT field. This experience has given me a vital skillset in data identification/classification that now applies to identifying Federal Contract Information and Controlled Unclassified Information, which ePHI falls under.
Securing data for the DIB is a personal passion for me as a military historian and having a long family history of Military Service stretching back through Vietnam, WW2, WW1 and back to the Civil War. This mission to protect the US War Fighter is a noble and urgent cause...in the words of the WW2 War Bond effort....keep ‘em flying!